Authorization Code Flow: Obtaining of an Authorization Code
To obtain an authorization code, the client application connects to the authorization
endpoint of MYOB Acumatica with the GET
HTTP method and specifies the parameters of the request in
the URL. For details on the request and the response, see the following sections.
HTTP Method and URL
The client application connects to the authorization endpoint of MYOB Acumatica with theGET
method. The client application can use one of the following
options for the URL:- If the client application supports OpenID Connect
Discovery, the client application can use the discovery endpoint address, as shown in
the following code.
https://<MYOB Acumatica instance URL>/identity/.well-known/openid-configuration
Note:We recommend that the client application use the discovery endpoint address, which eliminates the need to change the application if the target endpoint address changes. - The client application can directly use the
authorization endpoint address, which is shown in the following code.
https://<MYOB Acumatica instance URL>/identity/connect/authorize
Parameters
Parameter | Description |
---|---|
response_type | The type of the flow, which must be set to code for the
Authorization Code flow. |
client_id |
The client ID that was assigned to the client application during the registration of the application in MYOB Acumatica. The client ID must have the format in which the ID was generated during the registration of the application. That is, the client ID must include an auto-generated string and the ID of the tenant, such as 88358B02-A48D-A50E-F710-39C1636C30F6@MyTenant. The client application will have access to the data of the tenant specified in the client ID. |
redirect_uri |
The URI in the client application to which the response to the request should be sent. The URI must exactly match one of the values specified for the application in the Redirect URI column on the Redirect URIs tab of the Connected Applications (SM303010) form. |
scope |
The access scope that is requested by the client application. The scope can be a combination of the following values, delimited by spaces:
|
Response
Once the user grants access to the requested scopes, MYOB Acumatica redirects the client application to the redirect_uri address that was specified in the request, and adds the authorization code in the code URL parameter.
Example
GET https://localhost/AcumaticaDB/identity/connect/authorize?
response_type=code
&client_id=58FCCFBD-0CF3-C047-B720-A631C976A8DD@U100
&redirect_uri=http%3A%2F%2Flocalhost%2Fclientapp%2F
&scope=api%20offline_access
Once the user grants access to the requested scopes, MYOB Acumatica redirects the client application to the following URL: https://localhost/clientapp/?code=rOBVT0nmPhaXlHeBpE81iJBrfIt5r7ud5_2czGYIr14&scope=api%20offline_access.